Thursday, January 7, 2016

vSphere 6.0 U1b released - includes changes to TLS

On January 7, 2016, VMware released minor updates to vCenter and ESXi, v6.0 U1b. These updates are an important first step towards removing TLS 1.0 to meet regulatory and security requirements such as PCI DSS 3.1.

The 6.0 U1b updates add support for TLS versions 1.1 and 1.2 for most of the vSphere components without breaking the previously supported compatibility/interoperability.

Some vSphere components still support only TLS version 1.0. They are listed below:
vSphere Client
Virtual SAN Observer on vCenter Server Appliance (vCSA)
Syslog on vCSA
Auto Deploy on vCSA
Auto Deploy/iPXE

Once the patches are applied to vCenter Server and ESXi hosts, they will support all TLS versions (1.0, 1.1 and 1.2), with the exception of the components listed above. See Knowledge Base article 2136185 for the list of protocol versions supported on the different services that have been tested for compatibility and interoperability.
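To confirm which protocol versions a patched vCenter Server or ESXi service actually negotiates, each version can be probed with its own pinned handshake. The following is an added example, not VMware tooling and not code from the original post; the host names, port 443 and all function names are assumptions chosen for illustration.

```python
import socket
import ssl
import warnings

VERSIONS = {"TLS 1.0": ssl.TLSVersion.TLSv1,
            "TLS 1.1": ssl.TLSVersion.TLSv1_1,
            "TLS 1.2": ssl.TLSVersion.TLSv1_2}

def handshake(host, port, version, timeout=5.0):
    """True if host:port completes a handshake pinned to exactly one TLS version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # protocol support is being tested, not trust
    ctx.verify_mode = ssl.CERT_NONE
    with warnings.catch_warnings():   # Python 3.10+ warns when TLS 1.0/1.1 is selected
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = version
        ctx.maximum_version = version
    try:                              # newer OpenSSL refuses TLS 1.0/1.1 above level 0
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass
    with socket.create_connection((host, port), timeout=timeout) as raw:  # unreachable: raises
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
        except (ssl.SSLError, OSError):   # alert or reset: this version was refused
            return False

def classify(supported):
    """Map per-version results onto the states the post describes."""
    newer = supported["TLS 1.1"] or supported["TLS 1.2"]
    if supported["TLS 1.0"]:
        return "TLS 1.0 plus newer versions" if newer else "TLS 1.0 only"
    return "TLS 1.0 refused" if newer else "no TLS 1.0-1.2 handshake"

def audit(endpoints, probe=handshake):
    """Probe each (host, port) once per version; `probe` is injectable for offline runs."""
    report = {}
    for host, port in endpoints:
        supported = {label: probe(host, port, v) for label, v in VERSIONS.items()}
        report[(host, port)] = (supported, classify(supported))
    return report

if __name__ == "__main__":
    # Constructed sample: a fake probe stands in for real hosts so this runs offline.
    fake = {"patched.example.test": set(VERSIONS.values()),
            "legacy.example.test": {ssl.TLSVersion.TLSv1}}
    demo = audit([(h, 443) for h in fake], probe=lambda h, p, v: v in fake[h])
    for (host, port), (_, verdict) in demo.items():
        print(f"{host}:{port} -> {verdict}")
```

A negative result for TLS 1.0 or 1.1 can also mean the local OpenSSL build has those versions disabled, so run the probe from a client known to support them.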

When planning upgrades to your vSphere 6 environment, it is important to follow Knowledge Base article 2109760 (Update sequence for vSphere 6.0 and its compatible VMware products), the VMware Product Interoperability Matrix, and the information in the release notes.